From ed50e094efc4e61c622ac995abb163a1b78b28cb Mon Sep 17 00:00:00 2001
From: Sven Mitt <svenzik@users.noreply.github.com>
Date: Mon, 31 Mar 2025 15:50:28 +0300
Subject: [PATCH] Fix deprecated method getSubjectDN() with
 getSubjectX500Principal()

WE2-960

Signed-off-by: Sven Mitt <svenzik@users.noreply.github.com>
---
 .../security/exceptions/CertificateNotTrustedException.java     | 2 +-
 .../eu/webeid/security/validator/AuthTokenValidatorBuilder.java | 2 +-
 .../webeid/security/validator/ocsp/OcspResponseValidator.java   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java b/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
index 6d2ac04e..02e44bdb 100644
--- a/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
+++ b/src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
@@ -30,7 +30,7 @@
 public class CertificateNotTrustedException extends AuthTokenException {
 
     public CertificateNotTrustedException(X509Certificate certificate, Throwable e) {
-        super("Certificate " + certificate.getSubjectDN() + " is not trusted", e);
+        super("Certificate " + certificate.getSubjectX500Principal() + " is not trusted", e);
     }
 
 }
diff --git a/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java b/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java
index aef92803..9122ee67 100644
--- a/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java
+++ b/src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java
@@ -77,7 +77,7 @@ public AuthTokenValidatorBuilder withTrustedCertificateAuthorities(X509Certifica
         if (LOG.isDebugEnabled()) {
             LOG.debug("Trusted intermediate certificate authorities set to {}",
                 configuration.getTrustedCACertificates().stream()
-                    .map(X509Certificate::getSubjectDN)
+                    .map(X509Certificate::getSubjectX500Principal)
                     .collect(Collectors.toList()));
         }
         return this;
diff --git a/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java b/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java
index 6683ce11..0dc4fda5 100644
--- a/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java
+++ b/src/main/java/eu/webeid/security/validator/ocsp/OcspResponseValidator.java
@@ -58,7 +58,7 @@ public static void validateHasSigningExtension(X509Certificate certificate) thro
         Objects.requireNonNull(certificate, "certificate");
         try {
             if (certificate.getExtendedKeyUsage() == null || !certificate.getExtendedKeyUsage().contains(OID_OCSP_SIGNING)) {
-                throw new OCSPCertificateException("Certificate " + certificate.getSubjectDN() +
+                throw new OCSPCertificateException("Certificate " + certificate.getSubjectX500Principal() +
                     " does not contain the key usage extension for OCSP response signing");
             }
         } catch (CertificateParsingException e) {